The increasing complexity of today’s power system aggravated the stability and real-time issues. Wide-area monitoring system (WAMS) provides a dynamic coverage which allows real-time monitoring of critical knows of power systems. Phasor measurement units (PMUs) are being used in WAMS to provide a wide area system view and increase the system stability. A PMU is a sensor that measures the three-phase analog voltage, current and frequency and uploads the phasor information to the Phasor Data Concentrator (PDC) at a rate of 30 to 60 observations per second.  Typically, PMUs utilize a Global Positioning System (GPS) reference source to provide the required synchronization across wide geographical areas. On the other hand, civil GPS receivers are vulnerable to a number of different attacks such as jamming and spoofing, which can lead to inaccurate PMU measurements and consequently compromise the state estimation in the electric power grid. 


In this thesis, we propose three countermeasures against GPS spoofing attacks  on PMUs from three layers in the WAMS. In particular, we utilize the fact that in GPS-based PMUs, unlike most of the GPS applications, the position of the PMU receivers are already fixed and known. Our first technique employs an algorithm that accurately predicts the number of theoretically visible GPS satellites from a given position on earth. If the GPS receiver detects satellites which should not be visible at that time, this signifies a spoofing attempt. The second technique is an anomaly-based detection method which assumes that the statistics of malicious errors in GPS time solutions are unlikely to be consistent with the expected statistics of the typical receiver clock. We also propose a model which can be used to analyze the phasor data uploaded from two PMUs to the Phasor Data Concentrator. The relative phase angle difference (RPAD) is used in our algorithm to detect the spoofing attack. The algorithm uses Fast Fourier Transform to analyze the RPAD between two PMUs. We study the behavior of the low-frequency component in the FFT result of the RPAD between that two PMUs to detect the spoofing attacks. The effectiveness of the proposed techniques is confirmed by simulations.